This post is also available in: heעברית (Hebrew)

Hackers helped the US Administration detect cyber vulnerabilities. More than 400 vulnerabilities were found in US Department of Defense contractor’s networks thanks to the work of ethical hackers. The project is the biggest look into the vulnerability of DoD’s industrial base. 

During a year-long bug bounty program, the hackers probed 41 companies and found more than 400 vulnerabilities that needed mitigation, according to federalnewsnetwork.com. The companies voluntarily joined the bug bounty-like program and agreed to have HackerOne, an organization of ethical hackers, look for holes.

“DoD Cyber Crime Center’s DoD Vulnerability Disclosure Program has long since recognized the benefits of utilizing crowdsourced ethical hackers to add defense-in-depth protection to the DoD Information Networks,” said Melissa Vice, interim director of the Vulnerability Disclosure Program. “The pilot intended to identify if similar critical and high severity vulnerabilities existed on small to medium cleared and non-cleared defense industrial base company assets.”

Such check-up has become especially important now that the US military is concerned about the strength of its supply chain. 

For six years, the Defense Department has put a target on its back and voluntarily told hackers to have at it with certain systems through bug bounties and hackathons. Last year, it expanded that tactic to all of its publicly accessible Defense information systems including public networks, internet of things, industrial control systems, frequency-based communication and more.

The growth signaled success in using contractors and white-hat hackers as a means of bettering the military’s cybersecurity.

Since the creation of bug bounties and hackathons, DoD has caught more than 40,000 vulnerabilities.